OpenVPN both TCP and UDP?

[elorimer]

server certificate goes in the cert field, server key in the key field.

 

[gjf]

server certificate goes in the cert field, server key in the key field.

Unsupported certificate purpose.
I really think server and client ones should be different.

 

[elorimer]

Perhaps I am confused. I have to go the further step of manipulating things for my Chromebooks and I more than once have ended up in an unworkable state.

I'm not sure which router or firmware you are on, or the parameters of your certificate. You might think about saving the configuration and the jffs so you can go back, then resetting the servers to default, rebuild the configurations you want, and see what the resulting configuration looks like and where the certs ended up. Then you can go back to the original configuration and do the same.

 

[gjf]

Anyway - I've got this problem solved. Let's proceed to compression if you please.

Do I understand correctly it is safer to switch compression to disabled or none to both client and server for a better security?

Just to understand one each other - are you talking about VORACLE?

 

[elorimer]

VORACLE, yes.

Disabled on both, I think. None enables compression without pushing a method, which means it could later be negotiated.

 

[gjf]

VORACLE, yes.

Disabled on both, I think. None enables compression without pushing a method, which means it could later be negotiated.

OK, I disabled it.
Anyway, VORACLE is still just a concept without even PoC. But security is security

Thank you for all your recommendations!